[Dshield] snort_18_syslog.pl

Johannes B. Ullrich jullrich at euclidian.com
Thu Nov 1 20:17:58 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> Johannes,
> 
> I'm happy to help test. I've got about 30K alerts in my file... mostly
> Nimda and Code Red but there are quite a few others (55 unique types I
> think). As soon as you give me the script I'll run it over whichever
> file you want... I've got alerts logged to snort's alert file, the
> syslog and MySQL.
> 
> Peter
> 

Can you send me a few sample lines to get started with? If possible, send 
your snort.conf file along so I can see how the setup and the log format 
correlate.

  Thanks.



- -- 
- -------
jullrich at sans.org                    Join http://www.DShield.org
                          Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE74a34VOIizK5pIDMRAoenAKDyjG1qN8QE6Tc/lZvDCykJCiRqqQCgmFwi
H9j9/SHzQpUvZHs6WNWoEBM=
=Bo1i
-----END PGP SIGNATURE-----



